panamax-rs / panamax

Mirror rustup and crates.io repositories, for offline Rust and cargo usage.
Apache License 2.0
427 stars 45 forks

Update dependencies #87

Closed ob closed 1 year ago

ob commented 1 year ago

I was playing with Panamax and, while running cargo audit, found this:

panamax ❯ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 477 security advisories (from /Users/obonilla/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (230 crate dependencies)
Crate:     regex
Version:   1.4.6
Title:     Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:      2022-03-08
ID:        RUSTSEC-2022-0013
URL:       https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:  Upgrade to >=1.5.5
Dependency tree:
regex 1.4.6
├── env_logger 0.9.3
│   └── panamax 1.0.6
└── console 0.14.1
    └── panamax 1.0.6

error: 1 vulnerability found!

Updating the dependencies made it go away.

k3d3 commented 1 year ago

LGTM! Thank you!